James R. Mirick sets the record straight on things he cares about

New Attacks Against the Internet

During February and March of this year, several significant attacks were made against one of the core components of the Internet, the Domain Name System. This is the service that changes names we recognize, like http://www.yahoo.com, into the number-only address that the Internet's servers and routers use to actually find the website. If an attacker can disable this service, the Internet is, for practical purposes, almost completely disabled.

This is a very different situation from what most of the security community is focussing on, which is spam reduction, identity theft, and phishing attacks. Those are, if you will, commercial attacks against commercial targets, either consumers or businesses. These attacks are something else again, because their objective is to bring down the Internet itself, not just steal from somebody via the Internet. Whoever is probing these defenses is looking to strike a stunning economic blow against the developed economies by seriously disrupting our commercial and communication infrastructure. Would they do it, or just hold it for ransom to get us to knuckle under?

They are using a technique called "DNS amplification" to do this. A more technical article by ICANN, with some fixes, is HERE.

On Sunday 5 February 2006, from 20:44 through 20:58 GMT, name servers operated by a key TLD name server operator received an average of 60 Mbps of traffic subsequently classified as attack traffic at each interface of every public name server node it operates. The aggregated attack traffic received was later determined to be approximately 1 Gigabit per second. Traffic analysis during the attack period showed that the operator was receiving abnormally large UDP messages (in excess of 1500 bytes), resulting in IP packet fragmentation.
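The kind of traffic analysis described above can be sketched as follows. This is an added example, not code from this post or from ICANN: it flags UDP DNS messages larger than 1500 bytes and averages their rate per interface. The record layout, the interface names and the check that the oversized messages are DNS responses (QR bit set) are assumptions, and the sample data is constructed.

```python
import struct
from collections import defaultdict

LARGE_MESSAGE_BYTES = 1500   # the post's threshold for "abnormally large"

def dns_message(is_response, size):
    """Build a constructed DNS message: 12-byte header plus zero padding."""
    flags = 0x8000 if is_response else 0x0100   # QR bit on a response, RD on a query
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0)
    return header + b"\x00" * (size - len(header))

def is_attack_candidate(payload, limit=LARGE_MESSAGE_BYTES):
    """True for an oversized DNS message whose QR bit marks it as a response.

    Assumption: a name server expects small queries, so a large inbound
    response is worth flagging for the analyst.
    """
    if len(payload) < 12 or len(payload) <= limit:
        return False
    (flags,) = struct.unpack("!H", payload[2:4])
    return bool(flags & 0x8000)

def average_mbps(records, start, end):
    """Average flagged traffic per interface over [start, end), in Mbps."""
    bits = defaultdict(int)
    for ts, iface, payload in records:
        if start <= ts < end and is_attack_candidate(payload):
            bits[iface] += len(payload) * 8
    return {iface: total / (end - start) / 1e6 for iface, total in bits.items()}

# Constructed sample: (seconds into capture, interface name, UDP payload)
SAMPLE = (
    [(t, "eth0", dns_message(True, 4000)) for t in range(10)]        # oversized
    + [(t, "eth1", dns_message(True, 3000)) for t in range(0, 10, 2)]
    + [(t, "eth0", dns_message(False, 60)) for t in range(10)]       # normal queries
    + [(3, "eth1", dns_message(True, 300))]                          # small response
)

if __name__ == "__main__":
    for iface, rate in sorted(average_mbps(SAMPLE, 0, 10).items()):
        print(f"{iface}: {rate:.4f} Mbps of oversized DNS responses")
```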

I wish I had a better feeling about how we were being protected from this kind of stuff, but experience shows that an administration that was taken by surprise when New Orleans was flooded, something that was foretold for 15 years by engineers, is unlikely to do any better on this. Our emergency preparedness for true disasters seems to rest on "responsiveness" rather than preparation and what that boils down to is "victim assistance." I suspect we're gonna be sorry.